Information Security Manager

Location:
Prosper, TX
Posted:
January 28, 2021

Resume:

Nima Razi

972-***-**** McKinney, TX ***** adjryg@r.postjobfree.com

PROFESSIONAL SUMMARY

Solution-driven Information Security Professional with 16+ years of experience in several markets such as Information Technology, Software, Financial Services, Banking, E-commerce and Insurance. Responsible for the governance of day-to-day operations of all security technologies, development and enforcement of security practices, audits, compliance, and controls. Strategic leadership based on threat and risk evaluation, project initiatives encompassing budgeting, business justification and implementation, including security operations, policies, and processes.

TECHNICAL EXPERIENCE

Software/Databases: AWS and Google Cloud Computing Environments, NIST Security Framework, Admin, Network and Systems reviews and protection (O365, Cylance, Palo Alto, AD, etc.), Payment Vault, SIEM, Splunk, CoalFire, Jira, Trustwave, Rapid7, Slack, Archer, VMware, Checkmarx, Fortify, Coverity, Black Duck, GitLab, Oracle, MS Suites, SharePoint, AS400, Database Management, Infrastructure Application

Expertise: GRC (Governance, Risk, Compliance) Life Cycle; External Security Audits, Cybersecurity; Cloud Security, Payment Processes, GDPR, CCPA, PCI, PCI-DSS, SOC2 Type II, SOX, HITRUST, ISO27000, FedRAMP, HIPAA regulatory compliance; Operations; Threat & Vulnerability Management; Access Control; Endpoint Security Management, External/Internal network vulnerability scans; Server Level Protection; Endpoint Protection; App-level Protection; QA-App; Product Road Map (Data retention, tokenization, production down); Penetration Testing (PEN); InfoSec knowledge and training; Enterprise Risk, Vendor Management, Metric reporting, Project management, Customer support and account management, Audit management and internal audit standards, Risk assessment tools, Compliance program execution

PROFESSIONAL EXPERIENCE

KIBO SOFTWARE, Dallas, TX October 2017 - August 2020

Sr. Manager of Information Security

Information Security Leadership:

Expanded Kibo's comprehensive program addressing controls and compliance for internal protection of intellectual property, environments, assets and data, in addition to the protection of client data including credit card and personally identifiable information.

Led the information security integration of two acquired companies into Kibo's security program.

Responsible for GDPR/CCPA escalations and concerns as the DPO (Data Protection Officer); accountable for addressing and assisting with security inquiries and/or concerns at all levels.

Managed payment processes and tokenization that transmit cardholder data and carry transactions through debit and credit cards, ensuring that the security controls and processes required by PCI DSS for protecting cardholder data and storing account data were up to standard.

Information Security Engineering:

Optimized strategic initiatives including audit compliance, process, and control improvements.

Promoting security awareness in the organization and for oversight of the management of access privileges, including security training and awareness across the company and new hire orientation.

Successfully led quarterly corporate-wide security trainings for Kibo on best practices with GRC.

Management of Risk Mitigation:

Determining, creating, implementing, and enforcing all of Kibo's information security standards, technologies, policies and procedures.

Continually review and provide updates to security threats and vulnerabilities in Kibo’s information systems, while reassessing the amount of risk present as well as the cost and value of implementing controls and preventative measures; monitor and evaluate security operations, investigative processes, automation, threat hunting techniques, incident response, eDiscovery, legal holds, forensic investigations, and technologies.

Develop and manage regulatory compliance audits, procedures, recommendations and standards to ensure compliance with applicable security laws, regulations, and privacy legislation.

Responsible for protecting payment data, including any processed, transmitted or stored data via Payment Vault while ensuring authentication after authorization and preventing unauthorized use.

Managing audits, facilitating risk assessments, walkthroughs, and process/control enhancements, and also supporting and remediating assessments of audit findings.

Overseeing incident response planning as well as the investigation of security breaches and assisting with disciplinary and legal matters associated with such breaches as necessary, while coordinating disaster recovery, business continuity, critical incident, legal, and human resource processes.

Managing the development and implementation of global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security and system changes as needed.

Working with other executives to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology.

Reporting on Information Security and related issues to senior management and Board of Directors.

SENIOR INFORMATION SECURITY CONSULTANT March 2010 - September 2017

DFW Metroplex

Dell / NTT Data Services

Responsible for ensuring audit and related compliance requests and tasks were addressed accurately and in a timely manner; performed testing on the client’s assets to meet audit compliance requirements, among a vast array of different controls, to ensure the highest quality risk analysis, using tools such as Black Duck and Archer.

Defined project governance, outlining roles, responsibilities, decision rights and clearly defined escalation path.

Verizon

Executed multiple Enterprise level IT compliance related projects that included storage, virtual machines, servers, networking and various other technologies; supporting reactive complex fixes and proactive lifecycle upgrades.

Provided a holistic view of the overall project to the organization and all stakeholders.

State Farm

Managed/led IT audits and reviews with all subsidiaries, vendors, and coordinated with operational audit teams, and developed detailed scope and audit programs for baseline controls and activities to ensure State Farm’s compliance and external audit success.

Communicated the project's progress on an on-going basis, ensuring transparency throughout project lifecycle. Provided leadership and key stakeholders with the information and venues to make effective, timely decisions.

Bank of America

Examined process control reports, optimized variances of IT compliance Regulations and Policies, and ensured resolutions; performed root cause analysis and prepared recommendations for remediation when metrics were variant from targets and goals.

Defined the overall scope of the project; created and maintained a consolidated timeline/schedule highlighting the major milestones and associated dates for project activities.

JP Morgan Chase

Managed daily IT analyst productivity and quality performance, assisted with risk assessments, audits and compliance, and ensured success of team SLAs.

Ensured all stakeholders (internal & external) were engaged in the project, aligned on expected outcomes and informed about what was occurring throughout the project.

BANK OF AMERICA, Plano, TX Feb 2004 – Feb 2010

Compliance Manager, National Underwriting Department

Collaborated with senior leadership in the overall operation of the department and ensured audit success; responsible for daily operations of two teams in multiple states and meeting of service level agreements and performance expectations.

Managed and motivated compliance exceptions team for national underwriting department.

Comprehensive knowledge of underwriting compliance guidelines and restrictions for conventional and government-insured loan programs for both conforming and nonconforming mortgages, leading to successful funding and close of loans.

EDUCATION AND CERTIFICATIONS

ISACA® member

CISA Certification in progress

Collin College

Business Management and Administration


